Route Origin Authorization 

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Y9kbOok1m2TARy4RoZILF50w4WI.roa
File:                     Y9kbOok1m2TARy4RoZILF50w4WI.roa (raw, json)
Hash identifier:          5n4SDAhLWtmGYFme8QOvDziLgh832TC+HEA7EF2IUQ8=
Subject key identifier:   63:D9:1B:3A:89:35:9B:64:C0:47:2E:11:A1:92:0B:17:9D:30:E1:62
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       018CC3B6C023A3AADBA8F68329C78C294C29
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Y9kbOok1m2TARy4RoZILF50w4WI.roa
Signing time:             Mon 01 Jan 2024 06:29:43 +0000
ROA not before:           Mon 01 Jan 2024 06:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206361
IP address blocks:        88.209.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c0:23:a3:aa:db:a8:f6:83:29:c7:8c:29:4c:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan  1 06:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=63d91b3a89359b64c0472e11a1920b179d30e162
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:70:9e:40:0a:b5:5a:8c:f3:a8:4a:95:20:b3:
                    96:09:a9:3e:e1:db:3c:19:f2:88:17:c5:a8:3a:06:
                    13:f3:de:d0:f1:d0:49:6a:c7:e5:49:66:37:71:89:
                    0c:72:41:d1:da:c7:17:df:3e:19:72:c0:3f:7c:93:
                    9f:27:13:29:e3:2a:f8:c2:ee:b8:59:6a:30:2d:02:
                    60:d3:0d:57:e1:e2:e2:e6:2f:de:70:3f:02:6c:e0:
                    aa:b4:4d:d3:f8:70:60:eb:09:9f:74:40:cd:33:29:
                    66:a4:eb:a4:f7:dc:a1:e0:a3:2f:1a:3e:10:62:5d:
                    b0:fc:68:57:52:0e:06:1a:de:5b:71:6d:de:07:7a:
                    e1:0a:f6:ef:bf:61:f4:3c:fd:81:2b:77:ff:fd:e1:
                    24:f4:f3:37:86:b4:8e:01:94:4f:53:30:32:87:9f:
                    77:18:2e:9d:84:83:25:a4:6b:cd:af:ee:b6:91:dc:
                    00:fc:b6:4f:ec:1d:51:17:3b:b2:b0:f4:74:83:ad:
                    95:57:a7:d8:53:6a:bd:3d:71:27:8f:c0:e0:a6:23:
                    c8:ab:f5:16:0b:94:87:ad:98:ac:95:64:23:01:65:
                    47:63:22:cd:65:71:40:99:6a:4e:0c:07:46:4b:04:
                    3c:04:f7:b1:4a:aa:51:ff:5c:ce:e8:a0:dd:e7:b4:
                    c6:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D9:1B:3A:89:35:9B:64:C0:47:2E:11:A1:92:0B:17:9D:30:E1:62
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/Y9kbOok1m2TARy4RoZILF50w4WI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:81:8e:e2:38:71:58:95:aa:a3:89:f3:fc:1b:0e:57:dc:cf:
         13:79:43:35:eb:85:a9:eb:c6:fb:ce:97:94:36:08:27:17:07:
         52:a8:5f:ed:d1:4d:9e:d4:d7:0a:89:43:01:d2:a6:0c:b2:ba:
         83:22:3b:07:4b:73:49:92:b9:3b:db:ed:a5:6a:3b:f9:1b:f7:
         51:2b:4b:b3:4e:e7:a9:ec:2e:5d:3a:03:61:46:78:a5:25:5a:
         3c:0a:5d:1c:e8:2a:7e:30:eb:4d:45:8e:ac:f1:94:3c:e3:10:
         f9:47:94:59:67:43:ec:f5:94:56:ef:20:38:9c:94:7b:e5:9c:
         3d:12:8f:63:d8:ae:55:ae:18:d4:1f:c6:81:f5:43:dc:84:58:
         68:21:b4:90:0c:97:59:98:45:1e:65:26:8d:d9:8f:d7:fb:55:
         7d:66:8a:9d:cb:ae:fd:79:5f:34:cb:13:fb:69:87:1a:b6:68:
         b5:d4:b8:e6:03:3f:6e:c4:f6:d4:d6:e5:99:bd:a4:ac:9a:2a:
         83:76:69:bb:0d:7b:87:6e:17:97:aa:0d:a7:ae:ff:1b:0d:5d:
         3c:b0:df:be:42:45:70:87:7b:bb:6f:5c:6e:cd:df:fb:6b:8a:
         0c:a8:55:e8:b8:04:ea:24:31:6b:4f:c9:45:68:28:f8:4b:87:
         88:d8:ce:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtsAjo6rbqPaDKceMKUwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMTAxMDYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2Q5MWIzYTg5MzU5YjY0YzA0NzJlMTFhMTkyMGIxNzlkMzBlMTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnCeQAq1WozzqEqVILOWCak+4ds8
GfKIF8WoOgYT897Q8dBJasflSWY3cYkMckHR2scX3z4ZcsA/fJOfJxMp4yr4wu64
WWowLQJg0w1X4eLi5i/ecD8CbOCqtE3T+HBg6wmfdEDNMylmpOuk99yh4KMvGj4Q
Yl2w/GhXUg4GGt5bcW3eB3rhCvbvv2H0PP2BK3f//eEk9PM3hrSOAZRPUzAyh593
GC6dhIMlpGvNr+62kdwA/LZP7B1RFzuysPR0g62VV6fYU2q9PXEnj8DgpiPIq/UW
C5SHrZislWQjAWVHYyLNZXFAmWpODAdGSwQ8BPexSqpR/1zO6KDd57TGewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPZGzqJNZtkwEcuEaGSCxedMOFiMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWTlrYk9vazFtMlRBUnk0Um9aSUxGNTB3NFdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHBMA0G
CSqGSIb3DQEBCwUAA4IBAQATgY7iOHFYlaqjifP8Gw5X3M8TeUM164Wp68b7zpeU
NggnFwdSqF/t0U2e1NcKiUMB0qYMsrqDIjsHS3NJkrk72+2lajv5G/dRK0uzTuep
7C5dOgNhRnilJVo8Cl0c6Cp+MOtNRY6s8ZQ84xD5R5RZZ0Ps9ZRW7yA4nJR75Zw9
Eo9j2K5VrhjUH8aB9UPchFhoIbSQDJdZmEUeZSaN2Y/X+1V9Zoqdy679eV80yxP7
aYcatmi11LjmAz9uxPbU1uWZvaSsmiqDdmm7DXuHbheXqg2nrv8bDV08sN++QkVw
h3u7b1xuzd/7a4oMqFXouATqJDFrT8lFaCj4S4eI2M5c
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:16:00 2024 by rpki-client on console-fra.rpki-client.org